]>
Commit | Line | Data |
---|---|---|
2039c421 | 1 | /* |
33388b44 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
365a2d99 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
2039c421 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <time.h> | |
b379fe6c | 12 | #include <sys/types.h> |
d02b48c6 | 13 | |
b39fc560 | 14 | #include "internal/cryptlib.h" |
17f389bb | 15 | |
ec577822 BM |
16 | #include <openssl/bn.h> |
17 | #include <openssl/x509.h> | |
18 | #include <openssl/objects.h> | |
19 | #include <openssl/buffer.h> | |
20 | #include <openssl/evp.h> | |
25f2138b DMSP |
21 | #include "crypto/asn1.h" |
22 | #include "crypto/evp.h" | |
d02b48c6 | 23 | |
12d99aac | 24 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
73e92de5 | 25 | |
8bb826ee | 26 | int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, |
0f113f3e MC |
27 | char *data, EVP_PKEY *pkey) |
28 | { | |
bfb0641f | 29 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
0f113f3e MC |
30 | const EVP_MD *type; |
31 | unsigned char *p, *buf_in = NULL; | |
32 | int ret = -1, i, inl; | |
33 | ||
6e59a892 RL |
34 | if (ctx == NULL) { |
35 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); | |
36 | goto err; | |
37 | } | |
0f113f3e MC |
38 | i = OBJ_obj2nid(a->algorithm); |
39 | type = EVP_get_digestbyname(OBJ_nid2sn(i)); | |
40 | if (type == NULL) { | |
41 | ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | |
42 | goto err; | |
43 | } | |
44 | ||
45 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { | |
46 | ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); | |
47 | goto err; | |
48 | } | |
49 | ||
50 | inl = i2d(data, NULL); | |
da84249b F |
51 | if (inl <= 0) { |
52 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR); | |
53 | goto err; | |
54 | } | |
0f113f3e MC |
55 | buf_in = OPENSSL_malloc((unsigned int)inl); |
56 | if (buf_in == NULL) { | |
57 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); | |
58 | goto err; | |
59 | } | |
60 | p = buf_in; | |
61 | ||
62 | i2d(data, &p); | |
6e59a892 RL |
63 | ret = EVP_VerifyInit_ex(ctx, type, NULL) |
64 | && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); | |
0f113f3e | 65 | |
4b45c6e5 | 66 | OPENSSL_clear_free(buf_in, (unsigned int)inl); |
0f113f3e MC |
67 | |
68 | if (!ret) { | |
69 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); | |
70 | goto err; | |
71 | } | |
72 | ret = -1; | |
73 | ||
6e59a892 | 74 | if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, |
0f113f3e MC |
75 | (unsigned int)signature->length, pkey) <= 0) { |
76 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); | |
77 | ret = 0; | |
78 | goto err; | |
79 | } | |
0f113f3e MC |
80 | ret = 1; |
81 | err: | |
bfb0641f | 82 | EVP_MD_CTX_free(ctx); |
26a7d938 | 83 | return ret; |
0f113f3e | 84 | } |
09ab755c | 85 | |
73e92de5 DSH |
86 | #endif |
87 | ||
ded346fa DDO |
88 | int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, |
89 | const ASN1_BIT_STRING *signature, const void *data, | |
90 | EVP_PKEY *pkey) | |
0f113f3e | 91 | { |
ded346fa DDO |
92 | return ASN1_item_verify_with_libctx(it, alg, signature, data, NULL, pkey, |
93 | NULL, NULL); | |
94 | } | |
95 | ||
96 | int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg, | |
97 | const ASN1_BIT_STRING *signature, | |
98 | const void *data, | |
99 | const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, | |
100 | OPENSSL_CTX *libctx, const char *propq) | |
101 | { | |
102 | EVP_MD_CTX *ctx; | |
bbaddbc0 | 103 | int rv = -1; |
bbaddbc0 | 104 | |
ded346fa DDO |
105 | if ((ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq)) != NULL) { |
106 | rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx); | |
107 | EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx)); | |
108 | EVP_MD_CTX_free(ctx); | |
bbaddbc0 | 109 | } |
bbaddbc0 RL |
110 | return rv; |
111 | } | |
112 | ||
ded346fa DDO |
113 | int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, |
114 | const ASN1_BIT_STRING *signature, const void *data, | |
bbaddbc0 RL |
115 | EVP_MD_CTX *ctx) |
116 | { | |
117 | EVP_PKEY *pkey; | |
0f113f3e | 118 | unsigned char *buf_in = NULL; |
75394189 | 119 | int ret = -1, inl = 0; |
0f113f3e | 120 | int mdnid, pknid; |
da84249b | 121 | size_t inll = 0; |
0f113f3e | 122 | |
bbaddbc0 RL |
123 | pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); |
124 | ||
8267becb | 125 | if (pkey == NULL) { |
bbaddbc0 | 126 | ASN1err(0, ERR_R_PASSED_NULL_PARAMETER); |
0f113f3e MC |
127 | return -1; |
128 | } | |
129 | ||
130 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { | |
bbaddbc0 | 131 | ASN1err(0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); |
0f113f3e MC |
132 | return -1; |
133 | } | |
134 | ||
0f113f3e | 135 | /* Convert signature OID into digest and public key OIDs */ |
ded346fa | 136 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)) { |
bbaddbc0 | 137 | ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
0f113f3e MC |
138 | goto err; |
139 | } | |
bbaddbc0 | 140 | |
0f113f3e | 141 | if (mdnid == NID_undef) { |
12a765a5 | 142 | if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) { |
bbaddbc0 | 143 | ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
0f113f3e MC |
144 | goto err; |
145 | } | |
ded346fa | 146 | ret = pkey->ameth->item_verify(ctx, it, data, alg, signature, pkey); |
0f113f3e | 147 | /* |
bbaddbc0 RL |
148 | * Return values meaning: |
149 | * <=0: error. | |
150 | * 1: method does everything. | |
151 | * 2: carry on as normal, method has called EVP_DigestVerifyInit() | |
0f113f3e | 152 | */ |
bbaddbc0 RL |
153 | if (ret <= 0) |
154 | ASN1err(0, ERR_R_EVP_LIB); | |
155 | if (ret <= 1) | |
0f113f3e | 156 | goto err; |
0f113f3e | 157 | } else { |
da84249b F |
158 | const EVP_MD *type = EVP_get_digestbynid(mdnid); |
159 | ||
0f113f3e | 160 | if (type == NULL) { |
bbaddbc0 | 161 | ASN1err(0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
0f113f3e MC |
162 | goto err; |
163 | } | |
164 | ||
165 | /* Check public key OID matches public key type */ | |
d55d0935 | 166 | if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { |
bbaddbc0 | 167 | ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE); |
0f113f3e MC |
168 | goto err; |
169 | } | |
170 | ||
6e59a892 | 171 | if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { |
bbaddbc0 | 172 | ASN1err(0, ERR_R_EVP_LIB); |
0f113f3e MC |
173 | ret = 0; |
174 | goto err; | |
175 | } | |
0f113f3e MC |
176 | } |
177 | ||
ded346fa | 178 | inl = ASN1_item_i2d(data, &buf_in, it); |
da84249b | 179 | if (inl <= 0) { |
bbaddbc0 | 180 | ASN1err(0, ERR_R_INTERNAL_ERROR); |
da84249b F |
181 | goto err; |
182 | } | |
0f113f3e | 183 | if (buf_in == NULL) { |
bbaddbc0 | 184 | ASN1err(0, ERR_R_MALLOC_FAILURE); |
0f113f3e MC |
185 | goto err; |
186 | } | |
da84249b | 187 | inll = inl; |
0f113f3e | 188 | |
75394189 DSH |
189 | ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, |
190 | buf_in, inl); | |
191 | if (ret <= 0) { | |
bbaddbc0 | 192 | ASN1err(0, ERR_R_EVP_LIB); |
0f113f3e MC |
193 | goto err; |
194 | } | |
0f113f3e MC |
195 | ret = 1; |
196 | err: | |
da84249b | 197 | OPENSSL_clear_free(buf_in, inll); |
75394189 | 198 | return ret; |
0f113f3e | 199 | } |